How easy is it to send a spoof e-mail from the PM?

The IT expert Jeroen Baert from the Catholic University of Leuven in Flemish Brabant has discovered that it is extremely easy to send bogus e-mails that look like they come from the Prime Minister or other members of the Federal Cabinet. The Cybersecurity Centre is working on trying to solve the issue.
Reporters

In recent days so-called spoofing has been in the news in The Netherlands. This is an old school technique whereby a false e-mail address can be given as the “sender” of an e-mail message. The site follow the money was able to send mails that looked like they came from the Dutch Prime Minister Mark Rutte.

Jeroen Baert told VRT News "Compare it with sending a letter. There too you can write on the back of the envelope that it came from someone else. With these mails it’s it really the same”.

However, using the correct settings you can verify whether the sender is entitled to use a particular e-mail address as sender. However, the setting are wrongly installed or not installed at all.
Mr Michel, Mr Jambon and Mr Francken.

In the wake of the recent commotion in the Netherlands, Jeroen Baert carried out an experiment to see whether there are similar issues here. He sent the press agency Belga e-mails that had as their sender e-mail addresses that are identical to those used by the Prime Minister Charles Michel (Francophone liberal), the Interior Minister Jan Jambon and the Secretary of State responsible for asylum and migration Theo Francken (both Flemish nationalist) for press releases.

"This spoken is worse than I had expected. It works with @fed.be addresses and with @dekamer.be, @vlaamsparlement.be etc. This is strange as the problem has presumably existed for a long time, but is quite easy to solve".

The danger is of course that someone would use spoofing for dishonest practices. Jeroen Baert advises opperator to work on their “SPF record” that defines who can use which address.

Meanwhile, the Centre for Cybersecurity is aware of the problem and is working to try and resolve it.